Re: LDAP authentication

Ilker,

I've made the changes on your advise but still I'm having "Proxy
authentication failed" message:

Here's my new acl

     authenticate_program /usr/local/squid/bin/squid_ldap_auth
     myldapservername

     acl LAN src 199.40.216.0/255.255.255.0
     acl ldap proxy_auth REQUIRED

     http_access allow LAN ldap
     http_access deny all

I've even changed the authenticate line with a search base and port:

     authenticate_program /usr/local/squid/bin/squid_ldap_auth
     o=dhl.com myldapservername 389

Anything else I need to look into?

joel

R.Ilker Gokhan wrote:

> Try:authenticate_rpogram ....................acl LAN src
> your_network_ip/subnet_maskacl ldap proxy_auth REQUIREDhttp_access
> allow LAN ldap /* you should determine for authnetication which ip or
> user group or destination domain etc..*/http_access deny allGood
> luckIlker G.
>
> -----Original Message-----
> From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
> Sent: Monday, April 24, 2000 5:38 PM
> To: R.Ilker Gokhan; squid-users@ircache.net
> Subject: Re: LDAP authentication
>
> Ilker,
>
> I found this mail from the archive and tried to simulate
> having my users authenticated first but I always get a
> 'Proxy Authentication failed" error. even though my ldap
> server name is correct. What do you think is wrong.
>
> authenticate_program /usr/local/squid/bin/squid_ldap_auth
> myldapservername
>
> acl ldap proxy_auth REQUIRED
>
> http_access allow ldap
> http_access deny all
>
>
> Please help
>
> Joel
>
>
>
> R.Ilker Gokhan wrote:
>
> >
> >
> > The authenticate_option is used to the older squid
> > version. You should remove it. Try in the squid.conf:
> >
> > authenticate_program /usr/local/squid/bin/squid_ldap_auth
> > <ldap_server_name>
> >
> > Good luck..
> > Ilker G.
> >
> > -----Original Message-----
> > From: David Minor [mailto:dminor@salud.unm.edu]
> > Sent: Wednesday, April 19, 2000 11:15 PM
> > To: squid-users@ircache.net
> > Subject: LDAP authentication
> >
> > OK. We have been running squid for a while now with the
> > ncsa_auth authentication. This is fine as it goes, but we
> > would l
> > ike to take advantage of our LDAP server for this purpose.
> >
> > I have been trying to set this up using the external
> > authentication
> > programs mentioned in the FAQ. Neither has been working
> > for me.
> > Here is what I see:
> >
> > 1) The ldap_auth.c program. The instructions indicate
> > that the
> > following line needs to be in squid.conf:
> >
> > authenticate_options ldapserver.foo.bar 389 xxx uid
> >
> > When this is there however squid start up with the error:
> >
> > parseConfigFile: line 642 unrecognized:
> > 'authenticate_options
> > ldapserver.foo.bar 389 xxx uid'
> >
> > Should this work or is there something different that I
> > should do?
> >
> > 2) With the squid_auth_ldap program, when I try to run
> > make on it
> > I get an error about no rule to make target.
> >
> > Sorry if these are basic questions but I don't see them in
> > the list archives.
> > (Of course I'm open to trying any other solution that
> > works!)
> >
> > BTW This is squid 2.3STABLE51on a RedHat machine.
> >
> > Thanks,
> >
> > david.
>
Received on Sun Apr 30 2000 - 22:31:19 MDT